What is 'PCI-DSS' and where can I find the standards for a Chop5 Salad Kitchen franchise?
Chop5 Salad Kitchen Franchise · 2024 FDD
Answer from 2024 FDD Document
- 15.6. Ownership and Protection of Data. We are the exclusive owner of all Business Data collected by you, us or any other Person. We hereby grant you a license to utilize the Business Data solely for purposes of operating your Restaurant in compliance with this Agreement. You must protect all Customer Data with a level of control proportionate to the sensitivity of data. You must adhere to applicable privacy Laws with respect to data which, if compromised, could have a negative impact on our image or consumer confidence. You agree to: (a) comply with all applicable data protection Laws and our data processing and data privacy policies in the Manual (if any); and (b) upon request, sign any data processing or data privacy agreement required by us or by Law. You further agree to:
- (i) obtain, maintain and adhere to all applicable compliance standards established by PCI-DSS;
- (ii) establish appropriate administrative, technical and physical controls consistent with Law and PCI-DSS to preserve the security and confidentiality of any credit card information, in any form whatsoever, that you store, process, transmit or come in contact with;
- (iii) promptly notify us if you suspect there is, or has been, a security breach or potential compromise of any such credit card information;
- (iv) provide us with updates regarding the status of PCI-DSS, which update may be through a completed PCI AOC (Attestation of Compliance), PCI-DSS SAQ (Self-Assessment Questionnaire) or other method mutually agreed; and
- (v) promptly notify us of any noncompliance with PCI-DSS requirements to discuss your remediation efforts and timeline.
Source: Item 23 — RECEIPT (FDD pages 50–178)
What This Means (2024 FDD)
According to the 2024 Chop5 Salad Kitchen FDD, PCI-DSS refers to compliance standards related to credit card information security. Specifically, PCI-DSS stands for the Payment Card Industry Data Security Standard.
As a Chop5 Salad Kitchen franchisee, you must adhere to all applicable compliance standards established by PCI-DSS. This includes establishing appropriate administrative, technical, and physical controls to protect the security and confidentiality of any credit card information that you store, process, transmit, or come into contact with. You are also required to promptly notify Chop5 Salad Kitchen if you suspect any security breach or potential compromise of credit card information.
Furthermore, you must provide Chop5 Salad Kitchen with updates regarding your PCI-DSS compliance status, potentially through a completed PCI AOC (Attestation of Compliance), PCI-DSS SAQ (Self-Assessment Questionnaire), or another mutually agreed-upon method. You are also obligated to promptly inform Chop5 Salad Kitchen of any noncompliance with PCI-DSS requirements to discuss remediation efforts and timelines. The FDD indicates that further details regarding data processing and data privacy policies may be found in the Manual (if any).